# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
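# Access token bound to a user.
#
# Each record gets a random +name+ before it is first saved. Callers present
# that name together with an +action+ to Token.check, which resolves it to
# the owning user or rejects it.
class Token < ActiveRecord::Base
  before_create :generate_token

  belongs_to :user

  # Resolve a presented token to the user it belongs to.
  #
  # @param data [Hash] lookup keys; +:action+ and +:name+ are read
  # @return [Object, nil] the associated user record, or nil when the token
  #   is missing, unknown, or expired
  def self.check(data)
    # A request that carries no token value must never match a row: with a
    # nil name the query below would become "name IS NULL" and could match
    # a record that was written without a name.
    return if data[:name].blank?

    # NOTE(review): ActiveRecord turns an Array value into an IN (...) list,
    # so callers should pass a single String here - confirm at the call sites.
    token = Token.where(action: data[:action], name: data[:name]).first
    return if !token

    # Non-persistent tokens are only accepted for one day after creation.
    if !token.persistent && token.created_at < 1.day.ago
      # delete removes the row without running callbacks. The save that used
      # to follow it operated on an already deleted record and had nothing
      # left to persist, so it is dropped.
      token.delete
      return
    end

    token.user
  end

  private

  # before_create callback: assign a random token name that no existing
  # row uses yet.
  #
  # SecureRandom.hex(20) yields 40 hex characters from 20 random bytes.
  # The exists? check and the later insert are separate statements, so this
  # loop alone does not make the name unique under concurrent creates.
  # NOTE(review): a unique index on tokens.name would be the authoritative
  # guarantee - the schema is not visible here, confirm it exists.
  def generate_token
    loop do
      self.name = SecureRandom.hex(20)
      break if !Token.exists?(name: name)
    end
  end
end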